12002-10-21 Johan Danielsson <joda@pdc.kth.se>
|
12003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se> |
2
|
3 * lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
|
3 * Release 0.6 |
4
|
5 * lib/krb5/principal.c: pull up 1.82; don't allow trailing
6 backslashes in components
|
52003-05-08 Love H�rnquist �strand <lha@it.su.se> |
6
|
8 * lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
|
7 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4 8 support |
9
|
10 * lib/krb5/keytab_any.c: pull up 1.7; properly close the open
11 keytabs
|
10 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't 11 v4 support |
12
|
13 * kdc/connect.c: pull up 1.87; check that %-quotes are followed by
14 two hex digits
|
13 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4 14 support |
15
|
16 * lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
17 the newline to NUL in fgets results.
|
162003-05-06 Johan Danielsson <joda@pdc.kth.se> |
17
|
19 * lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
20 newline to NUL in fgets results.
|
18 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some 19 tests |
20
|
22 * lib/krb5/keytab_file.c: pull up 1.12; check return value from
23 start_seq_get
|
21 * lib/asn1/check-gen.c: there is no \e escape sequence; replace 22 everything with hex-codes, and cast to unsigned char* to make some 23 compilers happy |
24
|
25 * lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
26 when "unconfigured"
|
252003-05-06 Love H�rnquist �strand <lha@it.su.se> |
26
|
28 * lib/krb5/changepw.c: pull up 1.38; fix reply length check
29 calculation
|
27 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first 28 argument to krb5_us_timeofday have correct type 29 302003-05-05 Assar Westerlund <assar@kth.se> |
31
|
31 * kuser/klist.c: pull up 1.68; allow tokens up to size of buffer
|
32 * include/make_crypto.c (main): include aes.h if ENABLE_AES |
33
|
33 * kdc/kaserver.c: pull up 1.21; make sure life is positive
|
342003-05-05 Love H�rnquist �strand <lha@it.su.se> |
35
|
35 * fix-export: pull up 1.28; remove autom4ate.cache
|
36 * NEWS: 1.108->1.110: fix text about gssapi compat 37 382003-04-28 Love H�rnquist �strand <lha@it.su.se> |
39
|
372002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
40 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length, 41 from openbsd |
42
|
39 * Release 0.5
|
432003-04-24 Love H�rnquist �strand <lha@it.su.se> |
44
|
41 * include/make_crypto.c: don't use function macros if possible
|
45 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc 46 <jmc@prioris.mini.pw.edu.pl> |
47
|
43 * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
|
482003-04-22 Love H�rnquist �strand <lha@it.su.se> |
49
|
45 * include/Makefile.am: use make_crypto to create crypto-headers.h
|
50 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org 51 via openbsd |
52
|
47 * include/make_crypto.c: crypto header generation tool
|
532003-04-17 Love H�rnquist �strand <lha@it.su.se> |
54
|
49 * configure.in: move crypto test to just after testing for krb4,
50 and move roken tests to after both, this speeds up various failure
51 cases with krb4
|
55 * lib/asn1/der_copy.c (copy_general_string): use strdup 56 * lib/asn1/der_put.c: remove sprintf 57 * lib/asn1/gen.c: remove strcpy/sprintf 58 59 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so 60 that other (me) have such hosts in the local domain and the tests 61 fails, to take hokkigai.pdc.kth.se instead 62 63 * lib/krb5/test_alname.c: add --version and --help 64 652003-04-16 Love H�rnquist �strand <lha@it.su.se> |
66
|
53 * lib/krb5/config_file.c: don't use NULL when we mean 0
|
67 * lib/krb5/krb5_warn.3: add krb5_get_err_text 68 69 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd 70 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd 71 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 72 strlcpy, from openbsd 73 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd 74 * appl/kf/kfd.c: use strlcpy, from openbsd 75 762003-04-16 Johan Danielsson <joda@pdc.kth.se> |
77
|
55 * configure.in: we don't set package_libdir anymore, so no point
56 in testing for it
|
78 * configure.in: fix for large file support in AIX, _LARGE_FILES 79 needs to be defined on the command line, since lex likes to 80 include stdio.h before we get to config.h |
81
|
58 * tools/Makefile.am: subst INCLUDE_des
|
822003-04-16 Love H�rnquist �strand <lha@it.su.se> 83 84 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, 85 from Thomas Klausner <wiz@netbsd.org> 86 87 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner 88 <wiz@netbsd.org> |
89
|
60 * tools/krb5-config.in: add INCLUDE_des to cflags
|
902003-04-15 Love H�rnquist �strand <lha@it.su.se> |
91
|
62 * configure.in: use AC_CONFIG_SRCDIR
|
92 * kdc/kerberos5.c: fix some more memory leaks 93 942003-04-11 Love H�rnquist �strand <lha@it.su.se> |
95
|
64 * fix-export: remove some unneeded stuff
|
96 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 97 982003-04-08 Love H�rnquist �strand <lha@it.su.se> |
99
|
66 * kuser/kinit.c (do_524init): free principals
|
100 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> 101 1022003-04-06 Love H�rnquist �strand <lha@it.su.se> |
103
|
682002-09-09 Jacques Vidrine <nectar@kth.se>
|
104 * lib/krb5/krb5.3: s/kerberos/Kerberos/ 105 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ 106 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ 107 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ 108 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ 109 * kuser/kinit.1: s/kerberos/Kerberos/ 110 * kdc/kdc.8: s/kerberos/Kerberos/ 111 1122003-04-01 Love H�rnquist �strand <lha@it.su.se> |
113
|
70 * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
71 kdc/kaserver.c (krb5_ret_xdr_data),
72 lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
73 counts: Check that they are non-negative, and that they are small
74 enough to avoid integer overflow when used in memory allocation
75 calculations. Potential problem areas pointed out by
76 Sebastian Krahmer <krahmer@suse.de>.
|
114 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests 115 116 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when 117 converting too root, make sure user is ok according to 118 krb5_kuserok before allowing it. |
119
|
78 * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
79 creating a new keyfile.
|
120 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname 121 122 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname 123 124 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 125 instead of the "illegal" salt #~, same change as kth-krb did 126 1999. Problems occur with crypt() that behaves like AT&T crypt 127 (openssl does this). Pointed out by Marcus Watts. |
128
|
812002-09-09 Johan Danielsson <joda@pdc.kth.se>
|
129 * admin/change.c (kt_change): collect all principals we are going 130 to change, and pick the highest kvno and use that to guess what 131 kvno the resulting kvno is going to be. Now two ktutil change in a 132 row works. XXX fix the protocol to pass the kvno back. 133 1342003-03-31 Love H�rnquist �strand <lha@it.su.se> |
135
|
83 * configure.in: don't try to build pam module
|
136 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> 137 1382003-03-30 Love H�rnquist �strand <lha@it.su.se> |
139
|
852002-09-05 Johan Danielsson <joda@pdc.kth.se>
|
140 * doc/setup.texi: add description on how to turn on v4, 524 and 141 kaserver support |
142
|
87 * appl/kf/kf.c: fix warning string
|
1432003-03-29 Love H�rnquist �strand <lha@it.su.se> |
144
|
89 * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
90 know we need it
|
145 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog 146 and afs-use-524 |
147
|
922002-09-04 Assar Westerlund <assar@kth.se>
|
1482003-03-28 Love H�rnquist �strand <lha@it.su.se> |
149
|
94 * kdc/kerberos5.c (encode_reply): correct error logging
|
150 * kdc/kerberos5.c (as_rep): when the second enctype_to_string 151 failes, remember to free memory from the first enctype_to_string |
152
|
962002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
153 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, 154 from Harald Joerg <harald.joerg@fujitsu-siemens.com> 155 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc |
156
|
98 * lib/krb5/sendauth.c: close ccache if we opened it
|
157 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key 158 length when key is longer then expected length, its probably 159 longer since the encrypted data was padded, reported by Aidan 160 Cully <aidan@kublai.com> |
161
|
100 * appl/kf/kf.c: handle new protocol
|
162 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of 163 encyption type, inspired by Aidan Cully <aidan@kublai.com> 164 1652003-03-27 Love H�rnquist �strand <lha@it.su.se> |
166
|
102 * appl/kf/kfd.c: use krb5_err instead of sysloging directly,
103 handle the new protocol, and bail out if an old client tries to
104 connect
|
167 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 168 (wildcard kvno) after principal when the keytab entry isn't found, 169 reported by Chris Chiappa <chris@chiappa.net> 170 1712003-03-26 Love H�rnquist �strand <lha@it.su.se> |
172
|
106 * appl/kf/kf_locl.h: we need a protocol version string
|
173 * doc/misc.texi: update 2b example to match reality (from 174 mattiasa@e.kth.se) |
175
|
108 * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
|
176 * doc/misc.texi: spelling and add `Configuring AFS clients' 177 subsection |
178
|
110 * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
|
1792003-03-25 Love H�rnquist �strand <lha@it.su.se> |
180
|
112 * kdc/hprop.c: set AP_OPTS_USE_SUBKEY
|
181 * lib/krb5/krb5.3: add krb5_free_data_contents.3 182 183 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT 184 API |
185
|
114 * lib/hdb/common.c: use ASN1_MALLOC_ENCODE
115
116 * lib/asn1/gen.c: add convenience macro that allocates a buffer
117 and encoded into that
118
119 * lib/krb5/get_cred.c (init_tgs_req): use
120 in_creds->session.keytype literally instead of trying to convert
121 to a list of enctypes (it should already be an enctype)
|
186 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat 187 with MIT API |
188
|
123 * lib/krb5/get_cred.c (init_tgs_req): init ret
|
189 * lib/krb5/krb5_verify_user.3: write more about how the ccache 190 argument should be inited when used 191 1922003-03-25 Johan Danielsson <joda@pdc.kth.se> |
193
|
1252002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
194 * lib/krb5/addr_families.c (krb5_print_address): make sure 195 print_addr is defined for the given address type; make addrports 196 printable |
197
|
127 * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
|
198 * kdc/string2key.c: print the used enctype for kerberos 5 keys |
199
|
129 * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
|
2002003-03-25 Love H�rnquist �strand <lha@it.su.se> |
201
|
131 * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
132 zero ivec in DES3_CBC_encrypt if passed ivec is NULL
|
202 * lib/krb5/aes-test.c: add another arcfour test 203 2042003-03-22 Love H�rnquist �strand <lha@it.su.se> |
205
|
134 * lib/krb5/Makefile.am: back out 1.144, since it will re-create
135 krb5-protos.h at build-time, which requires perl, which is bad
|
206 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 207 2082003-03-20 Love H�rnquist �strand <lha@it.su.se> 209 210 * lib/krb5/krb5_ccache.3: update .Dd |
211
|
137 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
138 blindly use the local subkey
|
212 * lib/krb5/krb5.3: sort in krb5_data functions |
213
|
140 * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
141 extracts the required blocksize from a crypto context
|
214 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 |
215
|
143 * lib/krb5/build_auth.c: just get the length of the encoded
144 authenticator instead of trying to grow a buffer
|
216 * lib/krb5/krb5_data.3: document krb5_data |
217
|
1462002-09-03 Assar Westerlund <assar@kth.se>
|
218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if 219 prompter is NULL, don't try to ask for a password to 220 change. reported by Iain Moffat @ ufl.edu via Howard Chu 221 <hyc@highlandsun.com> |
222
|
148 * configure.in: add --disable-mmap option, and tests for
149 sys/mman.h and mmap
|
2232003-03-19 Love H�rnquist �strand <lha@it.su.se> |
224
|
1512002-09-03 Jacques Vidrine <nectar@kth.se>
|
225 * lib/krb5/krb5_keytab.3: spelling, from 226 <jmc@prioris.mini.pw.edu.pl> |
227
|
153 * lib/krb5/changepw.c: verify lengths in response
|
228 * lib/krb5/krb5.conf.5: . means new line 229 230 * lib/krb5/krb5.conf.5: spelling, from 231 <jmc@prioris.mini.pw.edu.pl> |
232
|
155 * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
156 truncated integers
|
233 * lib/krb5/krb5_auth_context.3: spelling, from 234 <jmc@prioris.mini.pw.edu.pl> |
235
|
1582002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
2362003-03-18 Love H�rnquist �strand <lha@it.su.se> |
237
|
160 * lib/krb5/mk_req_ext.c: generate a local subkey if
161 AP_OPTS_USE_SUBKEY is set
|
238 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 239 240 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time 241 242 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time |
243
|
163 * lib/krb5/build_auth.c: we don't have enough information about
164 whether to generate a local subkey here, so don't try to
|
244 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out 245 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it 246 247 * kdc/config.c: 524 is independent of kerberos 4, so move out 248 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 249 2502003-03-17 Assar Westerlund <assar@kth.se> |
251
|
166 * lib/krb5/auth_context.c: new function
167 krb5_auth_con_generatelocalsubkey
|
252 * kdc/kdc.8: document --kerberos4-cross-realm 253 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm 254 * kdc/kdc_locl.h (enable_v4_cross_realm): add 255 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm 256 flag before giving out v4 tickets for foreign v5 principals 257 * kdc/config.c: add --enable-kerberos4-cross-realm option (default 258 to off) |
259
|
169 * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
170 initial ticket
|
2602003-03-17 Love H�rnquist �strand <lha@it.su.se> |
261
|
172 * lib/krb5/context.c (init_context_from_config_file): simplify
173 initialisation of srv_lookup
|
262 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 263 264 * lib/krb5/krb5_aname_to_localname.3: manpage for 265 krb5_aname_to_localname |
266
|
175 * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
|
267 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 268 2692003-03-16 Love H�rnquist �strand <lha@it.su.se> |
270
|
177 * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
|
271 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 |
272
|
1792002-08-30 Assar Westerlund <assar@kth.se>
|
273 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 |
274
|
181 * lib/krb5/name-45-test.c: also test krb5_524_conv_principal
182 * lib/krb5/Makefile.am (TESTS): add name-45-test
183 * lib/krb5/name-45-test.c: add testcases for
184 krb5_425_conv_principal
|
275 * lib/krb5/krb5_set_default_realm.3: Manpage for 276 krb5_free_host_realm, krb5_get_default_realm, 277 krb5_get_default_realms, krb5_get_host_realm, and 278 krb5_set_default_realm. |
279
|
1862002-08-29 Assar Westerlund <assar@kth.se>
|
280 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado 281 <sobrado@acm.org> via NetBSD |
282
|
188 * lib/krb5/parse-name-test.c: also test unparse_short functions
189 * lib/asn1/asn1_print.c: use com_err/error_message API
190 * lib/krb5/Makefile.am: add parse-name-test
191 * lib/krb5/parse-name-test.c: add a program for testing parsing
192 and unparsing principal names
193
1942002-08-28 Assar Westerlund <assar@kth.se>
195
196 * kdc/config.c: add missing ifdef DAEMON
197
1982002-08-28 Johan Danielsson <joda@pdc.kth.se>
199
200 * configure.in: use rk_SUNOS
201
202 * kdc/config.c: add detach options
203
204 * kdc/main.c: maybe detach from console?
205
206 * kdc/kdc.8: markup changes
207
208 * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
209
210 * configure.in: use rk_TELNET, rename some other macros, and don't
211 add -ldes to krb4 link command
212
213 * kuser/kinit.1: whitespace fix (from NetBSD)
214
215 * include/bits.c: we may need unistd.h for ssize_t
216
2172002-08-26 Assar Westerlund <assar@kth.se>
218
219 * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
220 rrs before A ones when using the resolver to verify a mapping,
221 also use getaddrinfo when resolver is not available
222
223 * lib/hdb/keytab.c (find_db): const-correctness in parameters to
224 krb5_config_get_next
225
226 * lib/asn1/gen.c: include <string.h> in the generated files (for
227 memset)
228
2292002-08-22 Assar Westerlund <assar@kth.se>
230
231 * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
232 getarg so that it can handle --help and --version (and thus make
233 check can pass)
234
235 * lib/asn1/check-der.c: make this build again
236
2372002-08-22 Assar Westerlund <assar@kth.se>
238
239 * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
240 patch from Love <lha@stacken.kth.se>
241
2422002-08-22 Johan Danielsson <joda@pdc.kth.se>
243
244 * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
245 KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
|
283 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type |
284
|
247 * kdc/kdc.8: add blurb about adding and removing addresses; update
248 kdc.conf section to match reality
249
250 * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
251 don't define it
|
285 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab |
286
|
2532002-08-21 Assar Westerlund <assar@kth.se>
|
287 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix |
288
|
255 * lib/asn1/asn1_print.c: print OIDs too, based on a patch from
256 Love <lha@stacken.kth.se>
257
2582002-08-21 Johan Danielsson <joda@pdc.kth.se>
259
260 * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
261 since it might not exist, and we don't actually care about the key
|
289 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more 290 types, add krb5_fcc_ops and krb5_mcc_ops |
291
|
2632002-08-20 Johan Danielsson <joda@pdc.kth.se>
|
292 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for 293 a id |
294
|
265 * lib/krb5/krb5.conf.5: correct documentation for
266 verify_ap_req_nofail
|
2952003-03-15 Love H�rnquist �strand <lha@it.su.se> |
296
|
268 * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
269 Mattias Amnefelt)
|
297 * doc/intro.texi: add reference to source code, binaries and the 298 manual |
299
|
271 * kuser/klist.c (display_tokens): increase token buffer size, and
272 add more checks of the kernel data (from Love)
|
300 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 301 3022003-03-14 Love H�rnquist �strand <lha@it.su.se> |
303
|
2742002-08-19 Johan Danielsson <joda@pdc.kth.se>
|
304 * kdc/kdc.8: better/difrent english |
305
|
276 * fix-export: use make to parse Makefile.am instead of perl
|
306 * kdc/kdc.8: . -> .\n, copyright/license 307 308 * kdc/kdc.8: changed configuration file -> restart kdc |
309
|
278 * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
279 groks AC_INIT with package name etc.
|
310 * kdc/kerberos4.c: add krb4 into the most error messages written 311 to the logfile |
312
|
281 * kpasswd/kpasswdd.c: include <kadm5/private.h>
|
313 * lib/krb5/krb5_ccache.3: add missing name of argument 314 (krb5_context) to most functions |
315
|
283 * lib/asn1/asn1_print.c: include com_right.h
|
3162003-03-13 Love H�rnquist �strand <lha@it.su.se> |
317
|
285 * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
|
318 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of 319 function and return FALSE when there isn't a local account for 320 `luser'. |
321
|
287 * include/bits.c: define krb5_socklen_t type; this should really
288 go someplace else, but this was easy
|
322 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text 323 describing the function |
324
|
290 * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
291 fails, just warn about it
|
3252003-03-12 Love H�rnquist �strand <lha@it.su.se> |
326
|
293 * kdc/log.c (kdc_openlog): no need for a config_file parameter
|
327 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name 328 returned memory, don't return ENOMEM |
329
|
295 * kdc/config.c: just treat kdc.conf like any other config file
|
3302003-03-11 Love H�rnquist �strand <lha@it.su.se> |
331
|
297 * lib/krb5/context.c (krb5_get_default_config_files): ignore
298 duplicate files
|
332 * lib/krb5/krb5.3: add krb5_address stuff and sort 333 334 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description 335 336 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 337 338 * lib/krb5/krb5_address.3: document types krb5_address and 339 krb5_addresses and their helper functions |
340
|
3002002-08-16 Johan Danielsson <joda@pdc.kth.se>
|
3412003-03-10 Love H�rnquist �strand <lha@it.su.se> |
342
|
302 * lib/krb5/krb5.h: turn strings into pointers, so we can assign to
303 them
|
343 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 |
344
|
305 * lib/krb5/constants.c: turn strings into pointers, so we can
306 assign to them
|
345 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se |
346
|
308 * lib/krb5/get_addrs.c (get_addrs_int): initialise res if
309 SCAN_INTERFACES is not set
|
347 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 |
348
|
311 * lib/krb5/context.c: fix various borked stuff in previous commits
|
349 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se 350 351 * lib/krb5/krb5.3: add more functions 352 353 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc 354 functions |
355
|
3132002-08-16 Jacques Vidrine <n@nectar.com>
|
356 * lib/krb5/krb5_kuserok.3: document krb5_kuserok 357 358 * lib/krb5/krb5_verify_user.3: document 359 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior |
360
|
315 * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
316 the `admin_server' entry for kpasswd, override the `proto' result
317 to be UDP.
|
361 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and 362 krb5_verify_user_opt |
363
|
3192002-08-15 Johan Danielsson <joda@pdc.kth.se>
|
364 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages |
365
|
321 * lib/krb5/auth_context.c: check return value of
322 krb5_sockaddr2address
|
366 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can 367 return NULL |
368
|
324 * lib/krb5/addr_families.c: check return value of
325 krb5_sockaddr2address
|
369 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor 370 (TESTS): add test_cc |
371
|
327 * lib/krb5/context.c: get the default keytab from KRB5_KTNAME
|
372 * lib/krb5/test_cc.c: test some 373 krb5_cc_default_name/krb5_cc_set_default_name combinations 374 375 * lib/krb5/context.c (init_context_from_config_file): set 376 default_cc_name to NULL 377 (krb5_free_context): free default_cc_name if set |
378
|
3292002-08-14 Johan Danielsson <joda@pdc.kth.se>
|
379 * lib/krb5/cache.c (krb5_cc_set_default_name): new function 380 (krb5_cc_default_name): use krb5_cc_set_default_name |
381
|
331 * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
|
382 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 383 3842003-02-25 Love H�rnquist �strand <lha@it.su.se> |
385
|
333 * lib/krb5/context.c: allow changing config files with the
334 function krb5_set_config_files, there are also related functions
335 krb5_get_default_config_files and krb5_free_config_files; these
336 should work similar to their MIT counterparts
|
386 * appl/kf/kf.1: s/securly/securely/ from NetBSD 387 3882003-02-18 Love H�rnquist �strand <lha@it.su.se> |
389
|
338 * lib/krb5/config_file.c: allow the use of more than one config
339 file by using the new function krb5_config_parse_file_multi
|
390 * kdc/connect.c: s/intialize/initialize, from 391 <jmc@prioris.mini.pw.edu.pl> |
392
|
3412002-08-12 Johan Danielsson <joda@pdc.kth.se>
|
3932003-02-17 Love H�rnquist �strand <lha@it.su.se> |
394
|
343 * use sysconfdir instead of /etc
|
395 * configure.in: add AM_MAINTAINER_MODE 396 3972003-02-16 Love H�rnquist �strand <lha@it.su.se> |
398
|
345 * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
346 to appease automake; force sysconfdir and localstatedir to /etc
347 and /var/heimdal for now
|
399 * **/*.[0-9]: add copyright/licenses on all manpages |
400
|
349 * kdc/connect.c (addr_to_string): check return value of
350 sockaddr2address
|
4012003-14-16 Jacques Vidrine <nectar@kth.se> |
402
|
3522002-08-09 Johan Danielsson <joda@pdc.kth.se>
|
403 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single 404 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption 405 type specified by the KDC. |
406
|
354 * lib/krb5/rd_cred.c: if the remote address isn't an addrport,
355 don't try comparing to one; this should make old clients work with
356 new servers
|
4072003-02-15 Love H�rnquist �strand <lha@it.su.se> |
408
|
358 * lib/asn1/gen_decode.c: remove unused variable
|
409 * fix-export: some autoconf put their version number in 410 autom4te.cache, so remove autom4te*.cache 411 412 * fix-export: make sure $1 is a directory 413 4142003-02-04 Love H�rnquist �strand <lha@it.su.se> |
415
|
3602002-07-31 Johan Danielsson <joda@pdc.kth.se>
|
416 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> |
417
|
362 * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
363 Brashear)
|
418 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 419 4202003-01-31 Love H�rnquist �strand <lha@it.su.se> |
421
|
365 * lib/krb5/principal.c: actually lower case the lower case
366 instance name (spotted by Derrick Brashear)
|
422 * kdc/hpropd.8: s/databases/a database/ s/Not/not/ |
423
|
3682002-07-24 Johan Danielsson <joda@pdc.kth.se>
|
424 * kdc/hprop.8: add missing . 425 4262003-01-30 Love H�rnquist �strand <lha@it.su.se> |
427
|
370 * fix-export: if DATEDVERSION is set, change the version to
371 current date
|
428 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, 429 address, write out encryption type in sentences, s/Host/host 430 4312003-01-26 Love H�rnquist �strand <lha@it.su.se> |
432
|
373 * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
374 LTLIBOBJS
|
433 * lib/asn1/check-gen.c: add checks for Authenticator too 434 4352003-01-25 Love H�rnquist �strand <lha@it.su.se> |
436
|
3762002-07-04 Johan Danielsson <joda@pdc.kth.se>
|
437 * doc/setup.texi: in the hprop example, use hprop and the first 438 component, not host |
439
|
378 * kdc/connect.c: add some cache-control-foo to the http responses
379 (from Gombas Gabor)
|
440 * lib/krb5/get_addrs.c (find_all_addresses): address-less 441 point-to-point might not have an address, just ignore 442 those. Reported by Harald Barth. |
443
|
381 * lib/krb5/addr_families.c (krb5_print_address): don't copy size
382 if ret_len == NULL
|
4442003-01-23 Love H�rnquist �strand <lha@it.su.se> |
445
|
3842002-06-28 Johan Danielsson <joda@pdc.kth.se>
|
446 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't 447 found, don't print out all known keys |
448
|
386 * kuser/klist.c (display_tokens): don't bail out before we get
387 EDOM (signaling the end of the tokens), the kernel can also return
388 ENOTCONN, meaning that the index does not exist anymore (for
389 example if the token has expired)
|
449 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity 450 and facility start resp 451 (check_log): find_value() returns -1 when key isn't found |
452
|
3912002-06-06 Johan Danielsson <joda@pdc.kth.se>
|
453 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 454 'const void *' to avoid AES_KEY being exposed in krb5-private.h 455 456 * lib/krb5/krb5.conf.5: add [kdc]use_2b |
457
|
393 * lib/krb5/changepw.c: make sure we return an error if there are
394 no changepw hosts found; from Wynn Wilkes
|
458 * kdc/524.c (encode_524_response): its 2b not b2 459 460 * doc/misc.texi: quote @ where missing 461 462 * lib/asn1/Makefile.am: add check-gen 463 464 * lib/asn1/check-gen.c: add Principal check 465 466 * lib/asn1/check-common.h: move generic asn1/der functions from 467 check-der.c to here |
468
|
3962002-05-29 Johan Danielsson <joda@pdc.kth.se>
|
469 * lib/asn1/check-common.c: move generic asn1/der functions from 470 check-der.c to here |
471
|
398 * lib/krb5/cache.c (krb5_cc_register): break out of loop when the
399 same type is found; spotted by Wynn Wilkes
|
472 * lib/asn1/check-der.c: move out the generic asn1/der functions to 473 a common file |
474
|
4012002-05-15 Johan Danielsson <joda@pdc.kth.se>
|
4752003-01-22 Love H�rnquist �strand <lha@it.su.se> |
476
|
403 * kdc/kerberos5.c: don't free encrypted padata until we're really
404 done with it
|
477 * doc/misc.texi: more text about afs, how to get get your KeyFile, 478 and how to start use 2b tokens |
479
|
4062002-05-07 Johan Danielsson <joda@pdc.kth.se>
|
480 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 481 <jmc@cvs.openbsd.org> 482 4832003-01-21 Jacques Vidrine <nectar@kth.se> |
484
|
408 * kdc/kerberos5.c: when decrypting pa-data, try all keys matching
409 enctype
|
485 * kuser/kuser_locl.h: include crypto-headers.h for 486 des_read_pw_string prototype |
487
|
411 * kuser/kinit.1: document -a
|
4882003-01-16 Love H�rnquist �strand <lha@it.su.se> |
489
|
413 * kuser/kinit.c: add command line switch for extra addresses
|
490 * admin/ktutil.8: document -v, --verbose |
491
|
4152002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
|
492 * admin/get.c (kt_get): make getarg usage consistent with other 493 other parts of ktutil |
494
|
417 * configure.in: remove some duplicate tests
|
495 * admin/copy.c (kt_copy): remove adding verbose_flag to args 496 struct, since it will overrun the args array (from Sumit Bose) 497 4982003-01-15 Love H�rnquist �strand <lha@it.su.se> |
499
|
419 * configure.in: use AC_HELP_STRING
|
500 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = 501 ... } |
502
|
4212002-04-29 Johan Danielsson <joda@pdc.kth.se>
|
503 * lib/krb5/aes-test.c: test vectors in aes-draft 504 505 * lib/krb5/Makefile.am: add aes-test.c |
506
|
423 * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
424 unknown
|
507 * lib/krb5/crypto.c: Add support for AES 508 (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 509 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify 510 to support checksumtype that are have a shorter wireformat then 511 their output block size. 512 513 * lib/krb5/crypto.c (struct encryption_type): split the blocksize 514 into blocksize and padsize, padsize is the minimum padding 515 size. they are the same for now 516 (enctype_*): add padsize 517 (encrypt_internal): use padsize 518 (encrypt_internal_derived): use padsize 519 (wrapped_length): use padsize 520 (wrapped_length_dervied): use padsize |
521
|
4262002-04-25 Johan Danielsson <joda@pdc.kth.se>
427
428 * configure.in: use rk_DESTDIRS
429
4302002-04-22 Johan Danielsson <joda@pdc.kth.se>
431
432 * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
433 the principal
434
4352002-04-19 Johan Danielsson <joda@pdc.kth.se>
436
437 * lib/krb5/verify_init.c: fix typo in error string
438
4392002-04-18 Johan Danielsson <joda@pdc.kth.se>
440
441 * acconfig.h: remove some stuff that is defined elsewhere
442
443 * lib/krb5/krb5_locl.h: include <sys/file.h>
444
445 * lib/krb5/acl.c: rename acl_string parameter
446
447 * lib/krb5/Makefile.am: remove __P from protos, and put parameter
448 names in comments
449
450 * kuser/klist.c: better align some headers
451
452 * kdc/kerberos4.c: storage tweaks
453
454 * kdc/kaserver.c: storage tweaks
455
456 * kdc/524.c: storage tweaks
457
458 * lib/krb5/keytab_krb4.c: storage tweaks
459
460 * lib/krb5/keytab_keyfile.c: storage tweaks
461
462 * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
463 sized keytab files
464
465 * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
466
467 * lib/krb5/fcache.c: storage tweaks
468
469 * lib/krb5/store_mem.c: make the krb5_storage opaque, and add
470 function wrappers for store/fetch/seek, and also make the eof-code
471 configurable
472
473 * lib/krb5/store_fd.c: make the krb5_storage opaque, and add
474 function wrappers for store/fetch/seek, and also make the eof-code
475 configurable
476
477 * lib/krb5/store_emem.c: make the krb5_storage opaque, and add
478 function wrappers for store/fetch/seek, and also make the eof-code
479 configurable
480
481 * lib/krb5/store.c: make the krb5_storage opaque, and add function
482 wrappers for store/fetch/seek, and also make the eof-code
483 configurable
484
485 * lib/krb5/store-int.h: make the krb5_storage opaque, and add
486 function wrappers for store/fetch/seek, and also make the eof-code
487 configurable
488
489 * lib/krb5/krb5.h: make the krb5_storage opaque, and add function
490 wrappers for store/fetch/seek, and also make the eof-code
491 configurable
492
493 * include/bits.c: include <sys/socket.h> to get socklen_t
494
495 * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
496 requested KDC-REQ etypes
497
498 * kdc/hpropd.c: constify
499
500 * kdc/hprop.c: constify
501
502 * kdc/string2key.c: constify
503
504 * kdc/kdc_locl.h: make port_str const
505
506 * kdc/config.c: constify
507
508 * lib/krb5/config_file.c: constify
509
510 * kdc/kstash.c: constify
511
512 * lib/krb5/verify_user.c: remove unnecessary cast
513
514 * lib/krb5/recvauth.c: constify
515
516 * lib/krb5/principal.c (krb5_parse_name): const qualify
517
518 * lib/krb5/mcache.c (mcc_get_name): constify return type
519
520 * lib/krb5/context.c (krb5_free_context): don't try to free the
521 ccache prefix
522
523 * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
524 prefix
525
526 * lib/krb5/krb5.h: constify some struct members
527
528 * lib/krb5/log.c: constify
529
530 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
531 qualify
532
533 * lib/krb5/get_in_tkt.c (krb5_init_etype): constify
534
535 * lib/krb5/crypto.c: constify some
536
537 * lib/krb5/config_file.c: constify
538
539 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
540 constify local variable
541
542 * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
543
5442002-04-17 Johan Danielsson <joda@pdc.kth.se>
545
546 * lib/krb5/verify_krb5_conf.c: add some log checking
|
522 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key 523 function for each enctype in preparation enctypes that uses 524 `Encryption and Checksum Specifications for Kerberos 5' draft |
525
|
548 * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
|
526 * lib/asn1/k5.asn1: add checksum and enctype for AES from 527 draft-raeburn-krb-rijndael-krb-02.txt |
528
|
5502002-04-16 Johan Danielsson <joda@pdc.kth.se>
|
529 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, 530 KEYTYPE_AES256 |
531
|
552 * lib/krb5/crypto.c (krb5_crypto_init): check that the key size
553 matches the expected length
|
5322003-01-14 Love H�rnquist �strand <lha@it.su.se> |
533
|
5552002-03-27 Johan Danielsson <joda@pdc.kth.se>
|
534 * lib/hdb/common.c (_hdb_fetch): handle error code from 535 hdb_value2entry |
536
|
557 * lib/krb5/send_to_kdc.c: rename send parameter to send_data
|
537 * kdc/Makefile.am: always include kerberos4.c and 524.c in 538 kdc_SOURCES to support 524 |
539
|
559 * lib/krb5/mk_error.c: rename ctime parameter to client_time
560
5612002-03-22 Johan Danielsson <joda@pdc.kth.se>
562
563 * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
564 Reinoud Zandijk)
565
5662002-03-18 Johan Danielsson <joda@pdc.kth.se>
567
568 * lib/asn1/k5.asn1: add the GSS-API checksum type here
569
5702002-03-11 Assar Westerlund <assar@sics.se>
571
572 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
573 18:3:1
574 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
575 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
|
540 * kdc/524.c: always compile in support for 524 |
541
|
5772002-03-10 Assar Westerlund <assar@sics.se>
|
542 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 543 544 * kdc/config.c: always compile in support for 524 545 546 * kdc/connect.c: always compile in support for 524 547 548 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() 549 even when we build without kerberos 4, 524 needs them 550 551 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out 552 Kerberos 4 help functions/structures so other parts of the source 553 tree can use it (like the KDC) |
554
|
579 * lib/krb5/rd_cred.c: handle addresses with port numbers
580
581 * lib/krb5/keytab_file.c, lib/krb5/keytab.c:
582 store the kvno % 256 as the byte and the complete 32 bit kvno after
583 the end of the current keytab entry
584
585 * lib/krb5/init_creds_pw.c:
586 handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
587
588 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
589 handle ports giving for the remote address
590
591 * lib/krb5/get_cred.c:
592 get a ticket with no addresses if no-addresses is set
593
594 * lib/krb5/crypto.c:
595 rename functions DES_* to krb5_* to avoid colliding with modern
596 openssl
597
598 * lib/krb5/addr_families.c:
599 make all functions taking 'struct sockaddr' actually take a socklen_t
600 instead of int and that acts as an in-out parameter (indicating the
601 maximum length of the sockaddr to be written)
602
603 * kdc/kerberos4.c:
604 make the kvno's in the krb4 universe by the real one % 256, since they
605 cannot only be 8 bit, and the v5 ones are actually 32 bits
606
6072002-02-15 Johan Danielsson <joda@pdc.kth.se>
608
609 * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
610 before we need to write to it
611 (from �ke Sandgren)
612
6132002-02-14 Johan Danielsson <joda@pdc.kth.se>
614
615 * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
616 rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
617 directly
618
619 * lib/krb5/rd_safe.c: actually use the correct key (from Daniel
620 Kouril)
621
6222002-02-12 Johan Danielsson <joda@pdc.kth.se>
623
624 * lib/krb5/context.c (krb5_get_err_text): protect against NULL
625 context
626
6272002-02-11 Johan Danielsson <joda@pdc.kth.se>
628
629 * admin/ktutil.c: no need to use the "modify" keytab anymore
630
631 * lib/krb5/keytab_any.c: implement add and remove
632
633 * lib/krb5/keytab_krb4.c: implement add and remove
634
635 * lib/krb5/store_emem.c (emem_free): clear memory before freeing
636 (this should perhaps be selectable with a flag)
637
6382002-02-04 Johan Danielsson <joda@pdc.kth.se>
639
640 * kdc/config.c (get_dbinfo): if there are database specifications
641 in the config file, don't automatically try to use the default
642 values (from Gombas Gabor)
643
644 * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
645 (from Gombas Gabor)
646
6472002-01-30 Johan Danielsson <joda@pdc.kth.se>
648
649 * admin/list.c: get the default keytab from krb5.conf, and list
650 all parts of an ANY type keytab
651
652 * lib/krb5/context.c: default default_keytab_modify to NULL
653
654 * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
655 name is specified take it from the first component of the default
656 keytab name
657
6582002-01-29 Johan Danielsson <joda@pdc.kth.se>
659
660 * lib/krb5/keytab.c: compare keytab types case insensitively
661
6622002-01-07 Assar Westerlund <assar@sics.se>
663
664 * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
665 not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
666 * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
667 Harris <bjh21@netbsd.org>
668 * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
669 Harris <bjh21@netbsd.org>
670 * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
671 <bjh21@netbsd.org>
|
|